UMA AM validation in scenario when oxauth is behind the proxy #472

Closed
yurem opened this issue Feb 8, 2017 · 1 comment
yurem commented Feb 8, 2017

With proxy we get error:

INFO   | jvm 1    | 2017/02/08 19:13:46 | 2017-02-08 19:13:46,284 ERROR [org.xdi.oxauth.service.uma.UmaValidationService] Get request for another AM: 'ce-release.gluu.org:443'
INFO   | jvm 1    | 2017/02/08 19:13:46 | 2017-02-08 19:13:46,285 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Looking for the error with id: invalid_request
INFO   | jvm 1    | 2017/02/08 19:13:46 | 2017-02-08 19:13:46,285 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Found error, id: invalid_request
INFO   | jvm 1    | 2017/02/08 19:13:46 | 2017-02-08 19:13:46,285 ERROR [xdi.oxauth.uma.ws.rs.CreateRptWS] Exception happened
INFO   | jvm 1    | 2017/02/08 19:13:46 | javax.ws.rs.WebApplicationException
INFO   | jvm 1    | 2017/02/08 19:13:46 |       at org.xdi.oxauth.service.uma.UmaValidationService.validateAmHost(UmaValidationService.java:84)
INFO   | jvm 1    | 2017/02/08 19:13:46 |       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

In the testing environment there are 2 servers:

  1. cr-prev-version.gluu.org (Kong proxy)
  2. ce-release.gluu.org (CE 2.4.4.3)

The flow is as follows:
https://ce-prev-version.gluu.org:9443/ -> https://ce-release.gluu.org

In the oxAuth configuration we changed the token endpoint URL to point to the proxy:
"tokenEndpoint":"https://ce-prev-version.gluu.org:9443/oxauth/seam/resource/restv1/oxauth/token",

In the UMA metadata the issuer is:

  "issuer" : "https://ce-release.gluu.org",

But it expects https://ce-prev-version.gluu.org

I think the proxy is just an intermediary and the real UMA AM is "https://ce-release.gluu.org"

Here is UMA configuration: https://ce-prev-version.gluu.org:9443/.well-known/uma-configuration

@yurem yurem added the bug bug in code label Feb 8, 2017
@yurem yurem added this to the CE 3.1.0 milestone Feb 8, 2017
@yurem yurem assigned yuriyz and yurem Feb 8, 2017
yurem commented Feb 9, 2017

According to Mike:

I have been advising that the Gluu Server needs to be configured with the hostname of the load balancer. For example, the discovery URL should display the Load Balancer / Proxy hostname, because the client never sees the backend hostname.

Hence, when adding the API, we need to add the parameter 'preserve_host=true' so that the RPT endpoint works correctly and the UMA client works properly.
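
The host check and the effect of 'preserve_host' discussed in this thread, as an added example that is not oxAuth or Kong code. It assumes the AM compares only the hostname of the incoming Host header with the hostname of its configured issuer; the function names and the proxy model are hypothetical, and the URLs are constructed from the hostnames in this issue.

```python
from urllib.parse import urlsplit

# Constructed values modelled on the hostnames in this issue.
PROXY_URL = "https://ce-prev-version.gluu.org:9443"
BACKEND_URL = "https://ce-release.gluu.org"


def host_of(value):
    """Lowercase hostname of a URL or of a Host header value (port dropped)."""
    if "//" not in value:
        value = "//" + value  # lets urlsplit parse a bare "host:port"
    return (urlsplit(value).hostname or "").lower()


def forwarded_host(client_host, upstream_url, preserve_host):
    """Host header the backend receives from the proxy (hypothetical model).

    preserve_host=True  -> the client's Host header is passed through.
    preserve_host=False -> the proxy substitutes the upstream's host:port.
    """
    if preserve_host:
        return client_host
    parts = urlsplit(upstream_url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.hostname}:{port}"


def validate_am_host(host_header, issuer):
    """Accept only requests addressed to the configured issuer's host (assumed check)."""
    return bool(host_header) and host_of(host_header) == host_of(issuer)


def rpt_request_accepted(issuer, preserve_host):
    """Client calls the proxy, the proxy forwards, the backend validates the Host."""
    client_host = urlsplit(PROXY_URL).netloc
    seen = forwarded_host(client_host, BACKEND_URL, preserve_host)
    return validate_am_host(seen, issuer)


if __name__ == "__main__":
    # Issuer set to the proxy hostname, as advised in the thread.
    for preserve in (False, True):
        ok = rpt_request_accepted(PROXY_URL, preserve)
        print(f"preserve_host={preserve}: {'accepted' if ok else 'rejected'}")
```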
